VDB
GCVE-110-MAGEIA-2014-555
GCVE-110-MAGEIA-2014-555
Advisory Published
Updated mediawiki packages fix security vulnerabilities:
In MediaWiki before 1.23.8, thumb.php outputs wikitext message as raw HTML,
which could lead to cross-site scripting. Permission to edit MediaWiki
namespace is required to exploit this.
In MediaWiki before 1.23.8, a malicious site can bypass CORS restrictions in
$wgCrossSiteAJAXdomains in API calls if it only included an allowed domain as
part of its name.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | mediawiki | 1.23.8-1.mga4 (unaffected), 0 (affected) | — |
Browse GCVE Records
73,734 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.